Homepage

SonarQube Cloud is a fully managed SaaS code analysis solution for 40+ languages, delivering real-time security verification to reduce outages, improve security, and lower risk.

What is SonarQube?

The SonarQube platform delivers automated code quality and security analysis for modern development teams. Designed to seamlessly integrate with your CI/CD pipelines and DevOps tooling, it continuously reviews your source code to uncover bugs, security vulnerabilities, security hotspots, code smells, and architecture issues before code is merged or released. With broad support for 40+ programming languages and frameworks, SonarQube empowers developers and organizations to uphold high standards of code health across web, mobile, embedded, and cloud-native apps. It’s trusted by more than 7 million developers, underscoring its industry leadership as a critical solution for secure, maintainable, and high-quality software development.

Customers can choose between two delivery methods for SonarQube: SonarQube Cloud, the cloud-based, software-as-a-service (SaaS) offering, or SonarQube Server, the self-managed, self-hosted server-side solution.

The SonarQube platform also includes an IDE plugin, SonarQube for IDE, that brings real-time static analysis, quick-fix guidance, and security issue detection directly into your coding editor.

Additionally, you can explore featured public projects on SonarQube Cloud and experience how other organizations leverage the platform to improve their code. See Retrieving any free organization.

Achieving high quality code

SonarQube sets high standards for all code — ensuring software is secure, reliable, and maintainable. This applies across all code types: source code, test code, infrastructure as code, glue code, scripts, and AI-generated code.

All new code, whether written by a developer or generated by an AI agent, should meet the same quality and security standards. SonarQube achieves this by providing automated code verification that surfaces bugs, vulnerabilities, and maintainability issues in real time, before code is merged or released. This helps teams maintain consistent standards across the entire codebase — and is the foundation for high-performance software engineering.

SonarQube Cloud comes with a built-in quality profile designed for each supported language, called the Sonar way profile. The Sonar way activates a set of rules applicable to most projects and is a starting point for implementing good practices across your organization.

The SonarQube solution

SonarQube is designed to help you achieve a state of high quality, verified code at every stage of development. By linking SonarQube for IDE with SonarQube Cloud or SonarQube Server, automated code analysis runs continuously across the development lifecycle. We call this the SonarQube solution. Your project settings, new code definitions, and quality profiles managed in SonarQube Cloud are applied locally to an analysis in the IDE.

  • SonarQube for IDE brings automated code verification directly into your development environment, surfacing issues as you write — whether authored by a developer or generated by an AI tool — so problems are caught before code is even committed.

  • Then, SonarQube Server and SonarQube Cloud deliver powerful static analysis by reviewing each pull request before it’s merged. This adds an essential verification layer, ensuring code quality and preventing issues from entering your codebase.

  • Finally, SonarQube Server and SonarQube Cloud integrate into your CI/CD pipeline, analyzing code on every build. Using quality profiles and quality gates, they automatically block code with issues from reaching production — ensuring only secure, reliable, and maintainable code makes it through.

The SonarQube solution embodies a clear methodology: Guide your AI tools and developers with the right standards, verify every line of code automatically, and solve issues at the source before they compound. Focusing on quality and verification at the point of creation ensures your codebase improves incrementally over time.

Connected Mode

Connected mode joins SonarQube Cloud with SonarQube for IDE to deliver the full SonarQube solution. While in connected mode, SonarQube Cloud sends notifications to SonarQube for IDE when a quality gate changes or a new issue is assigned to the user. Smart notifications can be enabled or disabled from the SonarQube for IDE UI while creating or editing the connection settings. In addition, SonarQube for IDE helps the engineer focus on writing high quality code by using the new code definition on the server.

Be sure to check out all of the Connected mode benefits.

Getting started

Now that you’ve heard about how SonarQube Cloud can help you verify and ship secure, reliable code, you are ready to try out SonarQube Cloud for yourself. After signing up for SonarQube Cloud using the login from your DevOps platform account (see Signing up and onboarding), you can import your organizations and repositories to set up a first analysis.

The CI-based analysis pages explain how to connect your scanner to your CI pipeline and provide instructions for analyzing your project’s branches and pull requests.

Here's a page with everything you need to learn What SonarQube Cloud can do.

Learn more

Check out the entire suite of Sonar products on the main website: SonarQube Server, SonarQube Cloud, and SonarQube for IDE.

Then, have a look at how to fix issues detected by SonarQube for IntelliJ, Visual Studio, VS Code, and Eclipse when combined with managing your code issues in SonarQube Server and SonarQube Cloud for static code analysis.

More getting started resources

And if you need help, visit our online community to search for answers and reach out with questions!
